US says Chinese intelligence behind cyberattack using Microsoft


China’s Ministry of State Security (MSS) intelligence service was behind a massive international cyberattack in which tens of thousands of computers were infiltrated through vulnerabilities in Microsoft software, according to a senior Biden administration official.

Beijing has also hired contracted Chinese hackers to carry out ransomware attacks in its financial crime schemes, the official told reporters on Sunday night.

“MSS is knowingly using criminal contract hackers to conduct unsanctioned cyber operations around the world,” the official said. “This is within the knowledge of the Department of State Security.”

He described the MSS’s use of private hackers as “truly stimulating and surprising for us.”

He added that cyberattacks that exploit a vulnerability in Microsoft Exchange Server software are also significant and “very clear to us.” The statements are part of a major publicity campaign that the US administration and its allies are preparing for Monday to expose the Chinese government’s extensive hacking operations.

The administration will join the European Union, the UK, Australia, Canada, New Zealand, Japan and the NATO alliance in a joint publicity campaign focused on exposing and criticizing the MSS’s cyber activities.

“We will show how the Department of State Security uses contract criminal hackers to conduct unsanctioned cyber operations globally, including for their own personal gain,” the senior official said. “His operations include criminal activities such as cyber-assisted extortion, crypto theft, and theft from victims around the world for financial gain.”

Some ransomware attacks – breaking into networks, encrypting data and demanding payment to release data – have involved Chinese government hackers in attacks on private companies that netted millions of dollars, the official said.

But links to ransomware attacks by groups affiliated with Chinese intelligence are a relatively new type of operation.

Cybersecurity analysts say most Chinese cyber operations, including the Microsoft Exchange Server attacks, involve the theft of data used by the Chinese government as part of its database collection for both secrets and private economic data.

“This was surprising to us,” the senior official said of the MSS’s connection to the criminal ransomware, noting that the intelligence “provided new insights into the workings of MSS and the type of aggressive behavior we’re seeing emerging from China.”

Three US security agencies are publishing a 31-page report listing the extensive technical measures used by Chinese state-sponsored hackers to break into computer networks. The report, by the National Security Agency, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, and the FBI, lists 44 different types of technical attacks by Chinese hackers and how to counter them.

“Chinese state-sponsored cyber actors aggressively engage US and allied political, economic, military, education and critical infrastructure (CI) personnel and organizations to steal sensitive data, critical and emerging key technologies, intellectual property and personally identifiable information (PII),” the agencies said.

Targeted sectors include “managed service providers, semiconductor companies, defense industry base (DIB), universities and healthcare institutions. These cyber operations support China’s long-term economic and military development goals.”

The senior administration official said security agencies had “high confidence” that the Microsoft attack included exploitation of so-called “zero-day” software flaws by MSS hackers.

“We have raised our concerns about both the Microsoft incident and the wider PRC malicious cyber activity with senior PRC government officials and made it clear that PRC’s actions threaten security, trust and stability in cyberspace,” the official said, using the acronym for the People’s Republic of China. “The United States and our allies and partners do not exclude further actions to hold the PRC accountable,” he said.

A person familiar with the Microsoft Exchange Server hack, which began around January and continued throughout the spring, said a major American university and a major law firm were among the targets. The main purpose of the Chinese attack was to gain access to thousands of computer networks for information found on the networks.

After the data was leaked, China shared the vulnerabilities used to infiltrate systems with criminal hackers who, in some cases, launched ransomware attacks, the person said.

China’s hacking operations include the massive theft of both private and state secrets and theft of sensitive personal data.

For example, China’s military has been linked by federal prosecutors to cyberattacks against Boeing that resulted in the theft of billions of dollars worth of secrets related to the C-17 military transport and F-22 and F-35 jets.

One of China’s most damaging alleged operations involved cyberattacks on the Office of Personnel Management that were uncovered in 2015. The stolen data included sensitive information pertaining to federal employees who had security clearances and was valuable in running counterintelligence operations.

The effort to enlist the support of US allies to expose China’s hacking operations means the Biden administration is refraining from taking unilateral measures.

“Our allies and partners are a tremendous source of strength and a unique American advantage and our collective approach to cyber threat information sharing and defense,” the senior official said.

By joining with allies, the administration hopes to increase the sharing of information about cyber threats and network defenses.

NATO’s involvement in criticizing China’s cyber activities marks the first time the alliance has raised the issue publicly.

The US government announced in April that it is conducting cyber operations and taking proactive network defense actions to prevent systems compromised through Exchange Server vulnerabilities from being used for ransomware attacks or other malicious purposes.

The senior official was asked why the administration did not replicate against China the punitive action announced in April against Russia for its role in the SolarWinds cyberattack.

“We do not exclude further actions to hold the PRC accountable,” the official said.

In April, the Treasury Department sanctioned 32 Russian banks and technology companies for their involvement in the SolarWinds cyberattacks.
